- What: Red Hat released a security update for multiple gstreamer1-plugins.
- Impact: Addresses unspecified vulnerabilities.
Red Hat Product Errata RHSA-2026:9446 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9446 - Security Advisory Overview Updated Packages Synopsis Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082) GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085) GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921) GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay CVEs CVE-2026-2921 CVE-2026-3082 CVE-2026-3083 CVE-2026-3085 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM gstreamer1-plugins-bad-free-1.16.1-4.el8_4.src.rpm SHA-256: 03ee211647ce95e3dacdb39e9d343ff22d1965e9d3ca02e1fe6fda80763b9551 gstreamer1-plugins-base-1.16.1-4.el8_4.src.rpm SHA-256: b4473431f526aac507e172eadada11799708cef9b20508b276d33a015b13f304 gstreamer1-plugins-good-1.16.1-4.el8_4.src.rpm SHA-256: 3f1a2b01829f8fd9298d93b60b42f6f7a99fca5a50499477bd14ce292b6c447f x86_64 gstreamer1-plugins-bad-free-1.16.1-4.el8_4.i686.rpm SHA-256: a5a4b331c81de41b88856f7ce614078c6a34f49130a9dbd331cb978bee14d154 gstreamer1-plugins-bad-free-1.16.1-4.el8_4.x86_64.rpm SHA-256: f99edcf946b17550e4f550700f6ed7963c91471abeee8662ed3bd664f848fa8f gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: a0741dc8a6d857258b7b258dd133e7b91db1d0d7ceaa778000f93b39f3542869 gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: 1a53a1446fbbbc847fb0e9484ed5e9626a0f14b707669b424743ae704d026ac1 gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: a361a1d9c23d6e1bd03f63029319c13d7d38cf517d238e4ca882de322ef5b2b1 gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: 0bd9e59c21635178624919710c3a29f4333deaa768a76af0677bb71970ffbbbd gstreamer1-plugins-base-1.16.1-4.el8_4.i686.rpm SHA-256: 52830e088476b02382895374bd644f0bf27a4b558d05e0d3ce006cb718f9ca98 gstreamer1-plugins-base-1.16.1-4.el8_4.x86_64.rpm SHA-256: 5f7b6d941a78e19dde59bc3b2e438b5d3448736a62c32b327f8c3c9518b61508 gstreamer1-plugins-base-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: 0f384a4ad0cae1b98195adde38cbfbd7ee4ebc9d90f4dcb8eed3ee8d05f180d0 gstreamer1-plugins-base-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: b16624fcce0f576abe98dbf88c73912f8afb8eb96e210a3a0fcc315fe2f8abce gstreamer1-plugins-base-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: 898b904a4b1c2124de2b64d76da389627ca87ae7f1de684ac15d31214d448be3 gstreamer1-plugins-base-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: 2ba6cb286432e364ce0771faf5edbc885c4b1abb441b03218756269f77cb9281 gstreamer1-plugins-base-devel-1.16.1-4.el8_4.i686.rpm SHA-256: 6c06862ba70c2b6bc3db263826ed22b66989d48f3b25a7db1c5bade134f3825a gstreamer1-plugins-base-devel-1.16.1-4.el8_4.x86_64.rpm SHA-256: 5f766ee6947a5dfd20f58ae408305e1163c75e224cb1d0fb0da01d583bc9dbf8 gstreamer1-plugins-base-tools-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: da53079253e7341f291ce3fc6cd1db88bec1369abe78f6bba68d2b98ef221a30 gstreamer1-plugins-base-tools-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: a23e69c60d5d244e737a7f33930693414504ed1ed99ad13384a7c36dc6237b07 gstreamer1-plugins-good-1.16.1-4.el8_4.i686.rpm SHA-256: 85c0e62e610d749ea2f1cc18f89f5c06cddabe45efce46d0c51d4f89d57b43ca gstreamer1-plugins-good-1.16.1-4.el8_4.x86_64.rpm SHA-256: 21225556dcfc2f216f7164b85f78bb9c6334f591809d2d6bf6c085ec45911b24 gstreamer1-plugins-good-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: 9f57cd6d2cbb2ef94dbc6dd651763084e70cc41f5f7005b8a15549f387dacbff gstreamer1-plugins-good-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: c6746db2345ae3d4f8f7125fc76ab0845fa7071211ef5ff61d6c108ade427e81 gstreamer1-plugins-good-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: 74737630b6cbcaadc7402e92a939b955f87f7273971c564c3bbf123082841777 gstreamer1-plugins-good-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: ad953a1c8e61b8b7dd9c5c9443f2deb21af2437634b26cebd72bff5b97d6d244 gstreamer1-plugins-good-gtk-1.16.1-4.el8_4.i686.rpm SHA-256: 6b275e8be441e0e6c9fbf5492763ab24065a70bb31a0b0515ef02fd2aa68de36 gstreamer1-plugins-good-gtk-1.16.1-4.el8_4.x86_64.rpm SHA-256: 402f6b64eac34cb6c786f4a843ae272002f1384f56afbea46dc9800ad1bbabc2 gstreamer1-plugins-good-gtk-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: ddb3a20add1bc23a356f16a34f889f35ccd570447ee8c7c2aa926cd652629a63 gstreamer1-plugins-good-gtk-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: f8bf019b7ff6eb25968b7adbdd3129952581c1ca30b6925a1e980c1c462a5087 Red Hat Enterprise Linux Server - AUS 8.4 SRPM gstreamer1-plugins-bad-free-1.16.1-4.el8_4.src.rpm SHA-256: 03ee211647ce95e3dacdb39e9d343ff22d1965e9d3ca02e1fe6fda80763b9551 gstreamer1-plugins-base-1.16.1-4.el8_4.src.rpm SHA-256: b4473431f526aac507e172eadada11799708cef9b20508b276d33a015b13f304 gstreamer1-plugins-good-1.16.1-4.el8_4.src.rpm SHA-256: 3f1a2b01829f8fd9298d93b60b42f6f7a99fca5a50499477bd14ce292b6c447f x86_64 gstreamer1-plugins-bad-free-1.16.1-4.el8_4.i686.rpm SHA-256: a5a4b331c81de41b88856f7ce614078c6a34f49130a9dbd331cb978bee14d154 gstreamer1-plugins-bad-free-1.16.1-4.el8_4.x86_64.rpm SHA-256: f99edcf946b17550e4f550700f6ed7963c91471abeee8662ed3bd664f848fa8f gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: a0741dc8a6d857258b7b258dd133e7b91db1d0d7ceaa778000f93b39f3542869 gstreamer1-plugins-bad-free-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: 1a53a1446fbbbc847fb0e9484ed5e9626a0f14b707669b424743ae704d026ac1 gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: a361a1d9c23d6e1bd03f63029319c13d7d38cf517d238e4ca882de322ef5b2b1 gstreamer1-plugins-bad-free-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: 0bd9e59c21635178624919710c3a29f4333deaa768a76af0677bb71970ffbbbd gstreamer1-plugins-base-1.16.1-4.el8_4.i686.rpm SHA-256: 52830e088476b02382895374bd644f0bf27a4b558d05e0d3ce006cb718f9ca98 gstreamer1-plugins-base-1.16.1-4.el8_4.x86_64.rpm SHA-256: 5f7b6d941a78e19dde59bc3b2e438b5d3448736a62c32b327f8c3c9518b61508 gstreamer1-plugins-base-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: 0f384a4ad0cae1b98195adde38cbfbd7ee4ebc9d90f4dcb8eed3ee8d05f180d0 gstreamer1-plugins-base-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: b16624fcce0f576abe98dbf88c73912f8afb8eb96e210a3a0fcc315fe2f8abce gstreamer1-plugins-base-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: 898b904a4b1c2124de2b64d76da389627ca87ae7f1de684ac15d31214d448be3 gstreamer1-plugins-base-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: 2ba6cb286432e364ce0771faf5edbc885c4b1abb441b03218756269f77cb9281 gstreamer1-plugins-base-devel-1.16.1-4.el8_4.i686.rpm SHA-256: 6c06862ba70c2b6bc3db263826ed22b66989d48f3b25a7db1c5bade134f3825a gstreamer1-plugins-base-devel-1.16.1-4.el8_4.x86_64.rpm SHA-256: 5f766ee6947a5dfd20f58ae408305e1163c75e224cb1d0fb0da01d583bc9dbf8 gstreamer1-plugins-base-tools-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: da53079253e7341f291ce3fc6cd1db88bec1369abe78f6bba68d2b98ef221a30 gstreamer1-plugins-base-tools-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: a23e69c60d5d244e737a7f33930693414504ed1ed99ad13384a7c36dc6237b07 gstreamer1-plugins-good-1.16.1-4.el8_4.i686.rpm SHA-256: 85c0e62e610d749ea2f1cc18f89f5c06cddabe45efce46d0c51d4f89d57b43ca gstreamer1-plugins-good-1.16.1-4.el8_4.x86_64.rpm SHA-256: 21225556dcfc2f216f7164b85f78bb9c6334f591809d2d6bf6c085ec45911b24 gstreamer1-plugins-good-debuginfo-1.16.1-4.el8_4.i686.rpm SHA-256: 9f57cd6d2cbb2ef94dbc6dd651763084e70cc41f5f7005b8a15549f387dacbff gstreamer1-plugins-good-debuginfo-1.16.1-4.el8_4.x86_64.rpm SHA-256: c6746db2345ae3d4f8f7125fc76ab0845fa7071211ef5ff61d6c108ade427e81 gstreamer1-plugins-good-debugsource-1.16.1-4.el8_4.i686.rpm SHA-256: 74737630b6cbcaadc7402e92a939b955f87f7273971c564c3bbf123082841777 gstreamer1-plugins-good-debugsource-1.16.1-4.el8_4.x86_64.rpm SHA-256: ad953a1c8e61b8b7dd9c5c9443f2deb21af2437634b26cebd72bff5b97d6d244 gst